I cannot login, it says incorrect password but it is not. Is anyone else facing difficulties to login?
IMO, this is pointless. As you see _e only echoes, it doesn’t do anything else. So if an attacker just want to ECHO anything why would he even need to target _e or php echo function? Why dont you just inject anything in the html?
Also check the Wordpress.org themes directory and see how many themese use esc_html_e instead of _e for the translation strings.
That script will execute when that page is loaded. BAD!Using esc_html_e instead:<span><?php esc_html_('Written by:', 'virtuti'); ?> <?php the_author(); ?></span>
There’s not even a single reference of that in the WordPress official codex, neither I could find any other link which tells that using _e is unsafe. Could you refer to some documentation?
Does anyone know which text editor it is? Really liked the syntax highlighting colors:
Permitted or not, this is really a bad idea to create so many different image sizes. You are creating 12 custom image sizes, WordPress will create 3 default sizes + 1 original image. So you will be creating 16 image copies for a single image, which is A LOT, as it will be using lots of server reources.
Also note, many users might not even use the features. For example if someone is using 3 columns masonry layout, s/he wont be using 4 columns layout as well. Similarly with the portfolio, blog grid, team image sizes. You are generating too many extra image sizes which will never be used by a user.
Any wordpress developer can do that if you pay reasonable money (a few thousands $) for that. Why won’t you just buy a similar theme if that specific one is not available for sale?
Any themeforest author / community member attendning WordCamp Europe 2014?